Merge pull request #1538 from smeet07/patch-1

documents when to avoid setting anon auth command line option
vmware-tanzu · Jun 1, 2023 · 533c41f · 533c41f
2 parents d4b20b3 + 4f3c081
commit 533c41f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/site/content/docs/reference/supported-clusters.md b/site/content/docs/reference/supported-clusters.md
@@ -37,3 +37,6 @@ token credential request API strategy by default.
 
 To choose the strategy to use with the concierge, use the `--concierge-mode` flag with `pinniped get kubeconfig`.
 Possible values are `ImpersonationProxy` and `TokenCredentialRequestAPI`.
+
+Do not use the command line option `--anonymous-auth=false` in the `kube-apiserver` CLI for a cluster that does not use the impersonation proxy strategy. This is because the `kube-apiserver` blocks unauthenticated access to the TokenCredentialRequest API of the Concierge, which will prevent users from being able to authenticate. 
+This does not matter while using the impersonation proxy strategy, which will allow these TokenCredentialRequests requests anyway.